5210 matches found

NVD
added 2024/02/28 8:15 p.m. | 15 views

CVE-2024-25435

A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00378
Exploits: 0 | References: 1

Prion
added 2024/02/28 8:15 p.m. | 16 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...

AI score: 6 | EPSS: 0.00378
Exploits: 0 | References: 1

Vulnrichment
added 2024/02/28 12:0 a.m. | 9 views

CVE-2024-25435

A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...

AI score: 5.8 | EPSS: 0.00378
Exploits: 0 | References: 1

CVE
added 2024/02/28 12:0 a.m. | 90 views

CVE-2024-25435

CVE-2024-25435 : A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter. Affected software is Md1health Md1patient (version 2.0.0). The underlying cause is improper...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00378
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/02/28 12:0 a.m. | 13 views

Adsmonetizer < 3.1.3 - Reflected Cross-Site Scripting

Description The plugin is vulnerable to Reflected Cross-Site Scripting via the token parameter due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a us...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.00351
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/02/28 12:0 a.m. | 20 views

postMash – custom post order <= 1.2.0 - Reflected Cross-Site Scripting via m

Description The postMash – custom post order plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘m’ parameter in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00351
Exploits: 0 | References: 1

Cvelist
added 2024/02/28 12:0 a.m. | 17 views

CVE-2024-25435

A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...

AI score: 5.7 | EPSS: 0.00378
Exploits: 0 | References: 1

WPVulnDB
added 2024/02/27 12:0 a.m. | 14 views

Orbit Fox by ThemeIsle < 2.10.31 - Contributor+ Stored XSS via Form Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the form widget addr2width attribute due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00532
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/02/27 12:0 a.m. | 15 views

Orbit Fox by ThemeIsle < 2.10.32 - Contributor+ Stored XSS via Post Type Grid Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions ...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00486
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/02/27 12:0 a.m. | 21 views

Simple Tweet <= 1.4.0.2 - Authenticated (Author+) Stored Cross-Site Scripting

Description The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 6.4 | AI score: 5.9 | EPSS: 0.00532
Exploits: 0 | References: 1

WPVulnDB
added 2024/02/26 12:0 a.m. | 7 views

User Feedback < 1.0.14 - Unauthenticated Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'pagesubmitted' 'link' value due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the feedback submission page that will execu...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00438
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/02/24 4:32 a.m. | 16 views

CVE-2024-1810 Archivist – Custom Archive Templates <= 1.7.5 - Reflected Cross-Site Scripting

The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcodeattributes’ parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00378
Exploits: 0 | References: 2

Veracode
added 2024/02/23 6:57 a.m. | 11 views

Cross-site Scripting (XSS)

Enhavo is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the Create Tag functionality, allowing attackers to inject arbitrary web scripts or HTML via a crafted payload into the Create Tag field within the New/Edit Article panel...

CVSS: 5.4 | AI score: 6.4 | EPSS: 0.00397
Exploits: 1 | References: 3 | Affected Software: 1

WPVulnDB
added 2024/02/23 12:0 a.m. | 16 views

Archivist – Custom Archive Templates < 1.7.6 - Reflected Cross-Site Scripting

Description The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcodeattributes’ parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00378
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/02/23 12:0 a.m. | 20 views

Brizy – Page Builder < 2.4.41 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Brizy – Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via block upload in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS: 6.4 | AI score: 6.5 | EPSS: 0.00516
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/02/23 12:0 a.m. | 13 views

YML for Yandex Market < 4.2.4 - Reflected Cross-Site Scripting

Description The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feedid parameter in all versions up to, and including, 4.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00466
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/02/22 3:30 p.m. | 12 views

GHSA-PCM8-QQRP-W6QF Enhavo Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00443
Exploits: 1 | References: 4

OSV
added 2024/02/22 3:30 p.m. | 12 views

GHSA-C579-HHW5-CR3P Enhavo Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00424
Exploits: 1 | References: 4

OSV
added 2024/02/22 2:15 p.m. | 5 views

CVE-2024-25876

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

CVSS: 6.1 | AI score: 5.9
Exploits: 0 | References: 2

NVD
added 2024/02/22 2:15 p.m. | 19 views

CVE-2024-25876

A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.00443
Exploits: 1 | References: 2